This is an area where it's really hard to extrapolate from my personal experience to the entire population, but is this really an accurate statement of many people's beliefs?
I think what people actually think is that the chances are much lower of encountering malware in the wild on a Mac. In support of that, having an article this long on a single piece of malware that isn't particularly damaging would indicate that it's not the normal state of affairs in Mac land.
I would similarly expect that the chances of drive-by malware on Linux are tiny, perhaps even less common than on a Mac, and thus it would be newsworthy if there were some widespread (in relative terms) Gnome malware, or similar.
It's one thing to think that it's uncommon, and another to think that it's impossible.
It's a combination of a few things: (1) why bother investing time and resources for a platform with around 10% of users, and (2) OS X has had strong security mechanisms, e.g. Gatekeeper, XProtect, App Sandbox. Windows 10 is much better, but unfortunately not everyone is on that OS yet.
Implying Windows 8.1 has security problems... what are they?
If anyone remembers the vintage of this I'd love to dig an archived copy up.
Most users just don't think about it much, and the only exposure they got was ads telling them the thing doesn't get viruses, which Apple finally stopped doing in 2012 after having a very uncomfortable year... https://www.wired.com/2012/06/mac_viruses/
If you're here talking on HN, then yes, you probably fall into the category of folks who properly understand that uncommon != impossible. I sincerely doubt the vast majority of users make that jump.
>It may have been technically accurate that Macs don’t get gummed up with PC viruses, but the implication that Apple is virus-free is certainly misleading.
But that "implication" is an assumed implication that I haven't seen play out in my non-tech friends. I always thought that stories like those were just drummed up by anti-virus vendors to make sure that people continue buying their wares.
Look at this article and every article about Mac viruses.
Always an anti-virus vendor.
Yes -- and what people believe is also true. It's indeed much lower, to the point of being a non-issue almost.
(And it's not due to "lower market share" either. Mac OS 7/8 etc had even lower market share than today's Macs have, and it had tons of viruses).
That's not a valid comparison. When Mac OS 7/8 was mainstream, it was common to get software via a floppy disk that had already been in 10 other machines or from a fly-by-night BBS. Nowadays software distribution is far less peer-to-peer, and it's much more difficult for simple viruses to move from machine to machine.
> market share
If it's not market share, then what is it? The vast majority of malware attacks happen via social engineering, not zero day vulnerabilities, and the only requirements for that are a gullible user and a computer capable of running unsigned software.
Edit: Since I don't have access to a disposable Mac, just out of curiosity, what happens if you torrent something like "photoshop for mac full edition (cracked)" and try to install it? On a PC, assuming you make it through the hurricane of warnings Windows tries to throw in your way, this will almost certainly result in malware getting installed on your computer. What mechanism prevents this on a Mac?
That doesn't make sense. The software that back in the day would be in a disk that had "already been in 10 other machines", can now come from a website that serves millions of machines with the same malware infected programs.
> simple viruses
Read these words again. Regardless of whether there were tons of viruses on MacOS back in 1997, there's no way it's valid to hold up your thumb, squint, and say the current situation is better or worse. The malware on MacOS 8 was almost exclusively viruses made by hobbyists which self-propagated through channels that no longer exist. There were no command and control servers, strong encryption, multi-stage deployments over the web, etc. Modern malware is organized crime that relies primarily on people scamming other people, and requires a ton of back-end infrastructure and support.
In other words, it's harder and success depends on a whole different set of factors.
The person I was replying to was basically asserting that Apple fixed the virus problem that existed before OSX, and as a result malware cartels in 2017 aren't able to attack OSX. Would you believe it if they were saying polio vaccination campaigns in the 50's put a dent in drive-by shootings in the 90's?
No. Apple can't guarantee their software is secure, so their walled garden doesn't guarantee anything like what you say.
A while back Apple started pulling anti-virus apps from the app store presumably because they aren't needed: https://9to5mac.com/2015/03/19/apple-app-store-antivirus/. For contrast here is Microsoft's official article on protecting your PC from viruses: https://support.microsoft.com/en-us/help/17228/windows-prote...
In addition, about 80% of iPhones in use are running the latest version of iOS. Apple can patch exploits and have the majority of iPhones secured in a short amount of time. iOS is unique in that respect, and that is just one mitigating factor that makes iOS malware very implausible.
> A while back Apple started pulling anti-virus apps from the app store presumably because they aren't needed.
I think you presume too much. An effective antivirus program cannot run in a sandbox that isolates it from other processes. If Apple pulled 3rd party antivirus apps, I bet it was because they could not both work as advertised and simultaneously obey the sandbox, not because they "aren't needed" (presumably because the platform is "secure").
As for your original statement:
>> You can't get viruses on iOS unless you're jailbroken - Apple's walled garden pretty much guarantees that.
Here's a counterexample: https://www.kaspersky.com/blog/pegasus-spyware/14604/
Governments don't have special hacking powers, they mainly have money and manpower.
It's true, iOS might raise the bar a little bit compared to some other systems, but IMHO it's misleading and dangerous to claim that it's invulnerable.
Again, no. Here's another counterexample (which is recent and appears to have been active on the App Store for ~1yr):
"These malicious iOS apps provide a connection to a third party app store controlled by the author for user to download iOS apps or games. It encourages users to input their Apple IDs and passwords for more features, and provided these credentials will be uploaded to AceDeceiver’s C2 server after being encrypted."
That's not state actor stuff.
However, I shouldn't have to keep providing counterexamples to convince you of your absurd claims of practical invulnerability. Apple has not made any kind of security quantum leap: no one has. Apple's systems are vulnerable to the same types of flaws, by the same types of attackers, as any other system in wide use. The main difference is that Apple has restricted their platform to the extent that they have an easier time implementing security best practices. iOS is still vulnerable to flaws Apple doesn't know about or hasn't patched, and those flaws can be exploited for as long as Apple remains unaware or fails to act. That's not a fundamentally different position from Microsoft, Google, or any other similar company.
There have been a handful of cases of iOS malware over the years, but no serious exploit has been widespread. For an exhaustive list see here: https://www.theiphonewiki.com/wiki/Malware_for_iOS
The most widespread malicious apps are generally apps that access private APIs but manage to get through Apple's review process and onto the App Store. They can be far reaching, but again they can't breach the sandbox, which means the absolute worst thing they do is upload your email address to some server or try to trick you into giving away your password. I still stand by my assertion that the average user doesn't need to worry about malware on iOS.
False, they can breach the sandbox. The sandbox is software and it has exploitable flaws until proven otherwise (which hasn't happened).
Look, like I said in another comment: you'd be fine if you restricted yourself to relative comparisons, but for some reason you have to go too far and make absolute statements of security, statements which can't possibly be true. iOS might be more secure than other OSes, but it's still insecure, and it's dangerous and misleading to say that any users don't need to exercise reasonable caution.
So the point is that you aren't going to get malware on your small, entirely constrained and locked down portable computing device like you are on your larger, general purpose open computing device? Why even bother making that comparison?
OS X has plenty of vulnerabilities. If you want to make a coherent argument, source your claims that modern windows only requires you visit a site or open an email, and we can look to see if Apple has had similar vulnerabilities in equivalent products.
Probably true on almost every OS.
I've never seen nor heard of any actual malware outbreak from a non-jailbroken app.
Apple/etc seem to be stuck in the mindset of the various antivirus products before the advent of Ad-Aware/etc. So the products aren't strictly viruses/trojans/worms/etc, but they definitely fit the definition of malware and the end results are potentially just as bad. I would actually prefer any number of viruses over some of the shenanigans the Facebook app has been accused of.
So, every app seems to be an attack surface.
The only jailbreak for iOS 10 was semi-tethered and only made public after Apple had patched the vulnerabilities. In order for this to work as malware the user would have to open the malicious app every time their phone restarts. Not only that, every time they open the app their phone would appear to be out of storage and then promptly crash to the boot screen. It would be a bit of a hard sell.
I switched to Macs back in 2007. I work in IT, have always been careful to install antivirus software on Windows machines, and showed my family how to avoid clickbait and dangerous downloads. Even so, I frequently used to have to clean malware off my old Windows machines. We do have one Windows laptop on Windows 7 which is lightly used, and most recently it got infected with a Firefox toolbar extension thing a few years ago that took a week to get rid of completely.
I have never once since 2007 had to deal with a single piece of malware on any of our Macs. I know it exists, Handbrake downloads got infected a while back, but the difference is night and day. In my experience Mac OS is dramatically safer than even a fully up to date Windows machine with top tier virus protection software installed.
Maybe that's changed with recent versions of Windows. Cool. Actually the only thing that drives me potty about Macs is the keychain getting corrupted.
With iOS, that pattern is a lot harder to abuse, and with enforced sandboxing, side-effects between programs (or, 'apps') are somewhat non-existent.
Most of the things that make non-Windows systems less infected seem to be due to either a better security design, less casual users, or a drastically lower market share making it a smaller target with possibly less effective organic spreading of malware (or possibly a combination of the three).
What's the point of your critique when you can apply it to literally any piece of software? Even SEL4 relies on a correct processor, and yours has flaws.
Why would the black market pay huge sums for a sandbox escape or jailbreak -- unless it's for malware?
If the answer is "for use by intelligence agencies", well that's malware by any reasonable definition.
Chromebooks are probably the single best option for a computer with a keyboard. I wish the chrometops were a bit more compelling, as I'd probably switch my other grandmother (ubuntu 16.04) over. She has one program she plays a lot (since 1996) which runs under WINE.
Because those apps shouldn't be able to be opened unless the author has code signed them.
In which case if they are malware then just report it to Apple and they can centrally block the app.
Pointing out that "assault weapon" is meaningless is trying to combat emotive, irrational legislation based on conflating "assault weapon" with "assault rifle" because most people don't understand the difference (and one of the terms was chosen to be intentionally confusing).
In fact, your zealous answer proves my point.
Now back to viruses and PUPs.
It would be like if people had used "virus" as a generic without it ever having a technical definition (by analogy to infections), then Congress proposed to ban encryption to stop "viruses", because hey, lots of viruses use encryption.
Pointing out that co-opting from the informal "infectious software" to "software that uses encryption" is a meaningful point.
I think you're correct that the usage of virus for unwanted software is fine; I think you're wrong about the evolution of language there matching what happened with "assault weapon". Specifically, one change is going from the technical to the generic, while the other is going from the generic to technical.
Yes. Those on Hacker News may understand it's not true, but non-techies say it all the time, ever since Apple ran those "I'm a PC" TV spots.
Do you have an example? Beyond the idea of user/root separation, which doesn't really do much for modern single user computers: https://xkcd.com/1200/
POSIX philosophy also prevents the "keys to the kingdom" kind of exploits you can get in windows, many linux exploits are much harder to chain together simply due to this.
The *nix networking stack has always been much more mature and robust than the Windows stack, although I'll admit that's not necessarily inherent to the design.
I also really like how Gatekeeper ( https://en.wikipedia.org/wiki/Gatekeeper_(macOS) ) works – it quarantines documents such as word files, so that on first open you get a dialog pointing out that it's been downloaded. This is great, because you see the dialog very infrequently. I actually pay attention to it when it comes up.
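The dialog the comment above describes is driven by an extended attribute, com.apple.quarantine, that the downloading application stamps on the file; Gatekeeper and the "downloaded from the Internet" prompt key off it. The following is an added example (not part of the original thread or of any Apple tooling) that parses that attribute. It assumes the widely documented value layout `flags;timestamp;agent;uuid`, where the flags are a raw hex bit field, the timestamp is hex seconds since the Unix epoch, the agent is the application that wrote the file, and the UUID (when present) indexes the LaunchServices quarantine-events database. The sample value is constructed, not taken from a real file.

```python
"""Inspect the macOS com.apple.quarantine extended attribute.

Added example; assumes the attribute value layout
    <flags-hex>;<timestamp-hex>;<agent-name>[;<event-uuid>]
The flag bits are only partly documented, so they are returned raw.
"""
import subprocess
from datetime import datetime, timezone
from typing import Optional

QUARANTINE_XATTR = "com.apple.quarantine"


def parse_quarantine(value: str) -> dict:
    """Decode one attribute value into its fields."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)          # raw bit field, left undecoded
    ts = int(parts[1], 16)             # download time, hex epoch seconds
    return {
        "flags": flags,
        "timestamp": ts,
        "downloaded_at": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "agent": parts[2],
        # Some writers (e.g. curl-style tools) omit the event UUID.
        "uuid": parts[3] if len(parts) > 3 and parts[3] else None,
    }


def read_quarantine(path: str) -> Optional[dict]:
    """Return the parsed attribute for `path`, or None if it is absent.

    Uses the stock macOS `xattr -p` command; on other systems the command
    is missing or the attribute does not exist, and None is returned.
    """
    try:
        proc = subprocess.run(
            ["xattr", "-p", QUARANTINE_XATTR, path],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:          # no xattr binary (non-macOS)
        return None
    if proc.returncode != 0 or not proc.stdout.strip():
        return None                    # file has no quarantine attribute
    return parse_quarantine(proc.stdout)


# Constructed sample value, shaped like what Safari writes for a download.
SAMPLE = "0081;5a000000;Safari;3F2504E0-4F89-11D3-9A0C-0305E82C3301"

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        info = read_quarantine(sys.argv[1])
        print("not quarantined" if info is None else info)
    else:
        print(parse_quarantine(SAMPLE))
```

Run it with a path to see whether a file will trigger the prompt. The caveat for anyone relying on this as a control: the attribute is just file metadata, so `xattr -d com.apple.quarantine file` removes it, and a file written by a tool that never sets it (many command-line downloaders, archives extracted by third-party tools) never gets the dialog in the first place.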
Apple marketed it as such even until relatively recently. I've personally heard a few people regurgitate that argument.
It's probably changing because that marketing worked and the platform became more popular: you don't write malware for a platform that nobody uses.
Thus a simple reboot would clear out any infection.
That, and over time the lack of a general market presence, is likely what led to the belief (never mind that Apple pushed the message with their "I'm a Mac" ads).
This article has the signature of the infection as well as listing the servers with which it communicates.
Interesting logic. I wonder if the reverse can be said...
If I were a nation state, perhaps I would be taking notes.
I keep hearing this, but I never see evidence of these people. Is there a widespread belief that there's a widespread belief that Macs are immune from malware, despite few people who actually think this?
Well, I'm sure such people exist, but there don't seem to be many, even on sites like macrumors and /r/apple where mostly non-technical people with magical feelings for Apple gather and comment.
I suspect this is largely due in part to the types of clients that would actually purchase Geek Squad protection in the first place; my job duties had me working directly with "not computer people" folks most of the time. Still, the idea that Macs were immune to malware was pervasive; on several occasions, folks returned Windows machines they had just purchased (and managed to immediately infect) and picked up a Mac instead, thinking that this act alone would make them immune to their problems, or their kids' online behavior, etc. Most folks were good sports about it though, realizing that they had been misled by advertising, and allowing me to explain good security habits to them during their visit.
I think the biggest thing that bothered me about the job, and the reason I eventually left for greener pastures (I presently work in Linux Administration) was the pervasive idea that you could fix computer problems by buying additional software. This is something retailers have latched on to, and it bugs me on a fundamental level. The only way to actually be more secure is to understand your tools, so that you can recognize when they are misbehaving.
Oh my god, yes. I worked in corporate IT and management was sold on more complexity all. the. time.
Apple even based a commercial on the premise a while back, https://www.youtube.com/watch?v=CHFy6egYcUg
Today, a genuine virus is a rare thing; most malware is trojans. But back then viruses were the dominant form of malware. It's quite unfair to criticize people claiming Macs don't get "viruses" by changing the context on them to include all malware. That's not the claim people made.
By that time the user restriction model of Vista had existed for 8 years.
Also, back then the difference between MacOS and Windows was pretty stark so this was a valid marketing point. Not that the ads didn't oversell it, of course.
I think that marketing language is a bit BS-y, though.
The general idea they are pushing, that iOS is less susceptible to malware than a laptop, is probably true, so it doesn't bother me much.
It looks like this has been updated by Apple already?
Would appreciate for any pointers.
Perhaps why it's good at running under the radar.
It is not all that surprising to me that any targeted malware could operate unnoticed for years. The odds of discovery are directly proportional to the volume of distribution and inversely proportional to the importance of the targets. This malware apparently infected a small number of low profile targets.
Most of the sample code for those APIs was deprecated by the mid-2000s.
Unless the attacker had some unique reason for using that, which seems unlikely, that really does put the code at about 10 years old or so...
I have used various Linux systems as my daily web browsing machine for years without feeling the need to install any third-party antivirus.
No, almost nobody does it (plus, a few "antivirus" products for Mac are malware themselves, e.g. Mac Defender etc.).
Most so-called "viruses" for Mac are in fact merely trojans (programs you need to download and run yourself to infect you).
Nice try, NSA.
Sounds like we'll be hearing more after BlackHat. Wish I wasn't skipping this year.
"Unexpected"? How? This would have been obvious to Wardle. Maybe the journalist added this to "inject some suspense"? Thanks but no thanks, I won't bother reading the rest of this article.